A smarthost or your ISP’s outgoing SMTP server often lacks the capabilities needed to run a quality mail server. Too often I’ve seen an ISP completely change the ports it uses, lock down access from your server, just plain suck at sending mail to certain domains, or take forever to deliver the message to the recipient. If you experience any of these issues you’ll probably be better off switching to the DNS/MX method of sending mail. Here’s the process:
Exchange 2003
- Exchange System Manager
- Connectors
- SMTP Connector
- right click and go to Properties of your SMTP Connector
- select “use DNS to route each address space on this connector”
- select OK
- restart the Simple Mail Transfer Protocol service (SMTP)
Exchange 2007
- Exchange Management Console
- Organization Configuration
- Hub Transport
- Send Connectors
- right click and go to Properties of your send connector
- Network Tab
- select “Use domain name system (DNS) “MX” records to route mail automatically”
- select OK
- restart the Exchange Transport service
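The Exchange 2007 steps above can also be done from the Exchange Management Shell, with a check before and after the change. This is an added example, not part of the original post; the connector name and test domain are placeholders, and Exchange 2003 has no equivalent shell.

```powershell
# Run in the Exchange Management Shell on the Exchange 2007 Hub Transport server.
# Placeholders (assumptions): "Outbound Internet" is your send connector's name,
# example.com should be replaced with a domain you actually send mail to.
$connector  = "Outbound Internet"
$testDomain = "example.com"

# 1. Record the current routing so the change can be reverted.
Get-SendConnector -Identity $connector |
    Format-List Name, AddressSpaces, DNSRoutingEnabled, SmartHosts, Port

# 2. Confirm this server can resolve MX records before it depends on them.
nslookup -type=mx $testDomain

# 3. Route by MX lookup. SmartHosts is cleared in the same call because a
#    connector cannot have smart hosts set while DNS routing is enabled.
Set-SendConnector -Identity $connector -DNSRoutingEnabled $true -SmartHosts $null

# 4. Restart the Exchange Transport service, as in the GUI procedure.
Restart-Service MSExchangeTransport

# 5. Verify the setting, then list any queues still bound for the old smart host.
Get-SendConnector -Identity $connector |
    Format-List Name, DNSRoutingEnabled, SmartHosts
Get-Queue | Where-Object { $_.DeliveryType -eq "SmartHostConnectorDelivery" } |
    Format-Table Identity, Status, MessageCount, NextHopDomain -AutoSize
```

With DNS routing the server connects to recipient mail hosts directly, so outbound TCP port 25 from the server has to be allowed by your firewall and ISP.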
This is a request I see quite often across the web…can it be done? Actually, it can be done and here’s the method behind it (demo). Only the relevant tags are commented on.
CSS Breakdown
body, html {
color: #000;
font:normal normal 12px/15px "Lucida Grande", Verdana, Arial, Helvetica, serif;
background-color: #eee;
text-align: center; /* for IE */
height: 100%; /* force relative page heights globally */
margin:0; /* removes all the margins to prevent scrollbars from popping up here and there */
padding:0; /* removes all the padding to prevent scrollbars from popping up here and there */
border:0; /* removes all the borders to prevent scrollbars from popping up here and there */
}
#container {
margin:0 auto; /* centers the content */
width:950px;
text-align:left;
min-height:100%; /* self explanatory but this isn’t supported in IE… this is what makes the design full height in non-IE browsers */
background:#999;
}
* html #container { height: 100%; } /* this is the key component that allows the footer to be forced downward preventing the content from flowing over footer and clears up the min-height issues with IE */
#container a {
color:#222;
text-decoration:none;
}
#container a:hover {
color:#000;
text-decoration:underline;
}
Disabling SMB Signing
Being in the industry of cross-platform technologies, one of the most common issues I see arises in file sharing between a Mac running 10.4 and Windows Server 2003/2008. Domain controllers are set by default to always “Digitally Sign Communications”. When this is the case, a Mac running Tiger (10.4.x) or below will not be able to authenticate to a Windows server. You’ll receive an error saying something like “server could not be found” when clearly it’s there, since it asked you to authenticate. All the hassle is actually an easy fix on both 2003 and 2008. To disable SMB signing, do the following.
- Under the file server’s security policy (or domain controller security policy if your file servers are domain controllers)
- expand Windows Settings
- Security Settings
- Local Policies
- Security Options and find
- Microsoft network client: Digitally sign communications (always) set to disabled
- Microsoft network server: Digitally sign communications (always) set to disabled
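To see what a server actually ends up with after this policy change, the check below reads the registry values behind the signing options and reports whether SMB signing is still required, only negotiated, or off for each role. It is an added example, not part of the original post; the state labels follow SMB1 negotiation, which is what Windows Server 2003 and Mac OS X 10.4 use.

```powershell
# Run locally on the file server or domain controller after the policy has refreshed.
# RequireSecuritySignature backs the "(always)" options changed above;
# EnableSecuritySignature backs the separate "(if client agrees)" and
# "(if server agrees)" options.
$services = "HKLM:\SYSTEM\CurrentControlSet\Services"
$roles = @(
    @{ Name = "Microsoft network server"; Key = "$services\LanmanServer\Parameters" },
    @{ Name = "Microsoft network client"; Key = "$services\LanmanWorkstation\Parameters" }
)

foreach ($role in $roles) {
    $p = Get-ItemProperty -Path $role.Key -ErrorAction SilentlyContinue

    # A missing value reads as $null, which casts to 0 (disabled).
    $always     = [int]$p.RequireSecuritySignature
    $negotiated = [int]$p.EnableSecuritySignature

    if ($always -eq 1) {
        $state = "REQUIRED: peers that cannot sign are refused"
    } elseif ($negotiated -eq 1) {
        $state = "NEGOTIATED: signed only when the peer also supports signing"
    } else {
        $state = "OFF: no session from this role is signed"
    }

    "{0,-26} always={1} negotiated={2}  {3}" -f $role.Name, $always, $negotiated, $state
}
```

A result of NEGOTIATED means Windows clients that support signing still get signed sessions, while the 10.4 Macs connect unsigned.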
Connectivity Using AFP
In Windows 2003 it’s easy enough to install Apple File Sharing from Add/Remove Programs and create Macintosh file shares in addition to your Windows shares. After you have AppleTalk installed, when you go to create a share within Computer Management you’ll be given the option to create Apple shares and Windows shares. Once you’ve created your Mac share, you may find that when you go to mount it you receive the same error as you did when trying to mount the share over SMB. There’s an easy fix for this as well.
AFP/Windows Authentication
- right click on My Computer and go to “Manage”
- right click on Shared Folders
- Configure File Server for Macintosh
- under Security “Enable Authentication”
- select “Apple Clear Text or Microsoft”
- click OK
AFP/Windows Read-Only
You’ll discover that once you’re able to authenticate successfully to the server and you have your share mounted that it’s actually read-only. To resolve this:
- right click on My Computer and go to “Manage”
- expand Shared Folders
- select Shares
- in the list of shares find your Mac share
- right click on your Mac share and go to Properties
- under SFM Volume Security uncheck “This volume is read-only”
- click OK
Now that you’ve adjusted these settings you’ll be able to share files using AFP and SMB from a Windows file server to a Mac.
There are several methods of locking down your Microsoft Exchange Server to prevent viruses, bots, spammers, etc. from using your server to send their mail. If you’re already in a situation where your outbound queue is locked in a state of retry with thousands of messages waiting to be sent that you didn’t send, then it’s obvious that your setup isn’t locked down sufficiently. If you’re stuck or want to prevent ever getting stuck, here’s the process of elimination and prevention that’s nearly eliminated 99.9% of viruses and 100% secured my Exchange servers from the outside.
Blacklisted?
First things first. If you’re blacklisted, your server isn’t going to be able to send much mail even if it’s been cleaned and completely secured. If you’re blacklisted you need to find which lists your mail server’s IP is on. MX Toolbox has always worked for me. Follow the links on the blacklists you’re attached to and get an idea of what you need to do to get off the lists. If your server is still hosed then you just need to note where you’re listed and what you need to do to get off the lists. Then, you get your server cleaned up and functional before requesting to be removed from the lists. If you get removed from the lists and your server isn’t clean you’ll get re-blacklisted, and it’s going to be harder to get off the next time.
If you can, a filtering service is key
If email has become mission critical for your company and you don’t have the luxury of wasting time tracking down the culprit before you get your server functional, I recommend immediately signing up for a hosted spam and virus filtering service. This will be a nearly instant fix that will allow your server to start working while you find the cause of the problem (don’t drag your feet on finding the solution, since this is not the primary resolution). Companies like Appriver and Google’s Postini provide a phenomenal level of protection by filtering all your mail at the domain level before it ever reaches your server. This allows you to block all incoming mail traffic on SMTP port 25 with the exception of the filtering servers that will relay the email to your server once it’s filtered. Other pluses of services like these are eliminating as much as 85% of the overall email that comes to your domain and fills up your information store, and a major reduction in the viruses that reach the server. I know some larger companies or corporations with extreme security concerns cannot implement services like this due to regulatory issues, but if you can, it’s a big help.
Once your spam filtering service is set up, if you don’t have a firewall capable of allowing only the traffic from the specific IPs of your filtering host’s servers, you can do basically the same thing from within the Exchange Management Console.
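One way to apply that restriction from the Exchange Management Shell, shown as an added example that is not part of the original post. The addresses and connector identity are constructed placeholders, and the example assumes the named connector handles only inbound Internet mail.

```powershell
# Run in the Exchange Management Shell (Exchange 2007).
# Placeholders (assumptions): 192.0.2.10 and 192.0.2.11 stand in for the relay
# addresses published by your filtering service; "MAIL01\Internet Inbound" stands
# in for the receive connector that accepts mail from the Internet.
$filterHosts = "192.0.2.10", "192.0.2.11"
$connector   = "MAIL01\Internet Inbound"

# 1. Audit: list every connector that accepts anonymous SMTP and the source
#    addresses it accepts from. A range covering all addresses means any host
#    on the Internet can connect to it.
Get-ReceiveConnector |
    Where-Object { "$($_.PermissionGroups)" -match "AnonymousUsers" } |
    Format-List Identity, Bindings, RemoteIPRanges, PermissionGroups

# 2. Accept connections on this connector only from the filtering service, and
#    log SMTP sessions so the effect can be checked.
Set-ReceiveConnector -Identity $connector `
    -RemoteIPRanges $filterHosts `
    -ProtocolLoggingLevel Verbose

# 3. Confirm the new scope and find where the SMTP receive logs are written.
Get-ReceiveConnector -Identity $connector |
    Format-List Identity, RemoteIPRanges, ProtocolLoggingLevel
Get-TransportServer | Format-List Name, ReceiveProtocolLogPath
```

After the change, the receive protocol log should show inbound sessions on this connector only from the filtering service's addresses.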